Three Azure security features you might be overlooking
January 11 2021
Microsoft Azure provides confidentiality, integrity, and availability of customer data, while also enabling transparent accountability.
This blog on Microsoft Azure Security features, provides you a comprehensive look at the various security tools available within Microsoft Cloud Service.
In addition, Azure provides you with a wide array of configurable security options and the ability to control them so that you can customize security to meet the unique requirements of your organization’s deployments.
Among various features to ensure the security in MS Azure, three most essential security features you might be overlooking when running such workloads in cloud-based environment.
How Azure protects / secures your resources
1. Encryption at rest in Microsoft cloud services
What is Encryption at Rest & Why is it most essential
Encryption at rest provides data protection for stored data (at rest). Attacks against data at-rest include attempts to obtain physical access to the hardware on which the data is stored, and then compromise the contained data. In such an attack, a server's hard drive may have been mishandled during maintenance allowing an attacker to remove the hard drive. Later the attacker would put the hard drive into a computer under their control to attempt to access the data.
Encryption at rest is designed to prevent the attacker from accessing the unencrypted data by ensuring the data is encrypted when on disk. If an attacker obtains a hard drive with encrypted data but not the encryption keys, the attacker must defeat the encryption to read the data. This attack is much more complex and resource consuming than accessing unencrypted data on a hard drive. For this reason, encryption at rest is highly recommended and is a high priority requirement for many organizations.
Encryption at rest may also be required by an organization's need for data governance and compliance efforts. Industry and government regulations such as HIPAA, PCI and FedRAMP, lay out specific safeguards regarding data protection and encryption requirements. Encryption at rest is a mandatory measure required for compliance with some of those regulations.
How Encryption at Rest Work:
Encryption is the secure encoding of data used to protect confidentiality of data. The Encryption at Rest designs in Azure use symmetric encryption to encrypt and decrypt large amounts of data quickly according to a simple conceptual model:
A symmetric encryption key is used to encrypt data as it is written to storage.
The same encryption key is used to decrypt that data as it is readied for use in memory.
Data may be partitioned, and different keys may be used for each partition.
Keys must be stored in a secure location with identity-based access control and audit policies. Data encryption keys are often encrypted with a key encryption key in Azure Key Vault to further limit access.
2. Azure Security Center in Microsoft cloud services
How do we address the three most urgent security challenges?
Rapidly changing workloads – It's both a strength and a challenge of the cloud. On the one hand, end users are empowered to do more. On the other, how do you make sure that the ever-changing services people are using and creating are up to your security standards and follow security best practices?
Increasingly sophisticated attacks - Wherever you run your workloads, the attacks keep getting more sophisticated. You must secure your public cloud workloads, which are, in effect, an Internet facing workload that can leave you even more vulnerable if you don't follow security best practices.
Security skills are in short supply - The number of security alerts and alerting systems far outnumbers the number of administrators with the necessary background and experience to make sure your environments are protected. Staying up-to-date with the latest attacks is a constant challenge, making it impossible to stay in place while the world of security is an ever-changing front.
How do we manage such Security challenges in Cloud?
Azure Security Center helps you prevent, detect, and respond to threats, and provides you increased visibility into, and control over, the security of your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions, helps detect threats that might otherwise go unnoticed, and works with a large set of security solutions.
Azure Security Center helps you optimize and monitor network security by:
Providing network security recommendations.
Monitoring the state of your network security configuration.
Alerting you to network based threats, both at the endpoint & network levels.
3. Identity Management Security in Microsoft cloud services
What is Identity Management?
Identity management is the process of authenticating and authorizing security principals. It also involves controlling information about those principles (identities). Security principles (identities) may include services, applications, users, groups, etc.
Such protection enables additional levels of validation, such as Multi-Factor Authentication and Conditional Access policies. Monitoring suspicious activity through advanced security reporting, auditing, and alerting helps mitigate potential security issues.
Azure Active Directory Premium provides single sign-on (SSO) to thousands of cloud software as a service (SaaS) apps and access to web apps that you run on-premises.
By taking advantage of the security benefits of Azure Active Directory (Azure AD), you can:
Provide SSO access to your applications, including thousands of pre-integrated SaaS apps.
Enable application access security by enforcing rules-based Multi-Factor Authentication for both on-premises and cloud applications.
Provision secure remote access to on-premises web applications through Azure AD Application Proxy.